
user_sec.php

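<?php
/*
 *   This file is part of PhpCompta.
 *
 *   PhpCompta is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   PhpCompta is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with PhpCompta; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
// Copyright Author Dany De Bontridder ddebontridder@yahoo.fr
/* $Revision: 1.19 $ */

/**
 * user_sec.php : security administration of the current dossier.
 *
 * Lists the users attached to $_SESSION['g_dossier'] and, for the user chosen
 * with ?action=view&user_id=N, displays and edits
 *   - the access level per journal (table user_sec_jrn, uj_priv = X / R / W,
 *     changed with ?action=change_jrn&jrn=..&login=..&access=X|R|W)
 *   - the granted actions (table user_sec_act, one row per granted action,
 *     changed with ?action=change_act&act=..&login=..&access=0|1)
 *
 * Request handling rules of this page:
 *   - request parameters are read explicitly from $_GET (the former copy of
 *     every GET variable into the global scope let a request overwrite any
 *     variable of this script);
 *   - ids are cast to int, the journal access code is checked against the
 *     three codes this page emits, logins are escaped with pg_escape_string()
 *     before being placed in SQL, and values read from the database or the
 *     session are HTML-escaped before being echoed.
 */

/**
 * HTML-escape a value coming from the database, the session or the request
 * before echoing it (text or attribute context).
 *
 * @param mixed $value  scalar to display (null becomes '')
 * @return string
 */
function user_sec_html($value)
{
  return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Escape a login for use inside a single-quoted SQL string literal.
 *
 * @param resource $cn     connection returned by DbConnect() — assumed to be a
 *                         pgsql connection, since ExecSql() results are read
 *                         with pg_fetch_array(); confirm in postgres.php
 * @param string   $login
 * @return string
 */
function user_sec_sql_string($cn, $login)
{
  return pg_escape_string($cn, (string) $login);
}

/**
 * Print the three access cells (no access / read / write) of a journal row.
 *
 * The level given by $right is shown as a coloured cell, the two others as
 * links to $base_url.'&access=<code>'. A $right of 3 (administrator) shows
 * the write level and emits no links at all; an unknown value prints nothing.
 *
 * @param int    $right     0 = no access, 1 = read, 2 = write, 3 = administrator
 * @param string $base_url  URL of the change_jrn action without the access code
 */
function user_sec_jrn_cells($right, $base_url)
{
  // access code sent back in the URL => label, in column order
  $levels = array('X' => "Pas d'accès", 'R' => 'Lecture', 'W' => 'Ecriture');
  // privilege value returned by CheckJrn() => access code of the current level
  $code_of = array(0 => 'X', 1 => 'R', 2 => 'W', 3 => 'W');
  if ( ! isset($code_of[$right]) ) return;
  $current = $code_of[$right];

  foreach ($levels as $code => $label) {
    if ( $code === $current ) {
      // red for "no access", green for an effective right
      $bgcolor = ($code === 'X') ? 'RED' : '"#3BCD27"';
      echo "<TD BGCOLOR=$bgcolor>$label </TD>";
    } elseif ( $right == 3 ) {
      // administrator: the level cannot be changed, plain cell
      echo '<TD class="mtitle">  '.$label.' </TD>';
    } else {
      echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="'
           .user_sec_html($base_url.'&access='.$code).'"> '.$label.'</A></TD>';
    }
  }
}

/**
 * Print one table row per journal (jrn_def) with the access level of the user.
 *
 * @param resource $cn_dossier  connection to the dossier database
 * @param array    $l2_line     row of ac_users (use_id, use_login, ...)
 * @param int      $admin       non-zero when the user is an administrator:
 *                              every journal is shown as writable, no links
 * @param int      $g_dossier   current dossier id, passed on to CheckJrn()
 */
function user_sec_show_jrn($cn_dossier, $l2_line, $admin, $g_dossier)
{
  $Res=ExecSql($cn_dossier,"select jrn_def_id,jrn_def_name  from jrn_def ");
  $MaxJrn=pg_NumRows($Res);
  for ( $i =0 ; $i < $MaxJrn; $i++ ) {
    $l_line=pg_fetch_array($Res,$i);
    echo '<TR> ';
    if ( $i == 0 ) echo '<TD> <B> Journal </B> </TD>';else echo "<TD></TD>";
    echo "<TD> ".user_sec_html($l_line['jrn_def_name'])." </TD>";

    // login is URL-encoded here and the whole URL HTML-escaped when emitted
    $l_change='user_sec.php?action=change_jrn&jrn='.(int) $l_line['jrn_def_id']
              .'&login='.urlencode($l2_line['use_login'])
              .'&user_id='.(int) $l2_line['use_id'];

    if ( $admin == 0) {
      $right=CheckJrn($g_dossier,$l2_line['use_login'],$l_line['jrn_def_id'] );
      echo_debug('user_sec.php',__LINE__,"Privilege is $right");
    } else {
      $right = 3;
    }
    user_sec_jrn_cells($right,$l_change);
    echo '</TR>';
  }
}

/**
 * Print one table row per action with the grant state of the user.
 *
 * @param resource $cn_dossier  connection to the dossier database
 * @param array    $l2_line     row of ac_users (use_id, use_login, ...)
 * @param int      $admin       non-zero when the user is an administrator:
 *                              every action is shown as granted, no links
 * @param int      $g_dossier   current dossier id, passed on to CheckAction()
 */
function user_sec_show_act($cn_dossier, $l2_line, $admin, $g_dossier)
{
  $Res=ExecSql($cn_dossier,
               "select ac_id, ac_description from action   order by ac_description ");
  $MaxAct=pg_NumRows($Res);
  for ( $i =0 ; $i < $MaxAct; $i++ ) {
    $l_line=pg_fetch_array($Res,$i);
    echo '<TR> ';
    if ( $i == 0 ) echo '<TD> <B> Action </B></TD>';else echo "<TD></TD>";
    echo "<TD>". user_sec_html($l_line['ac_description'])." </TD>";

    $l_change='user_sec.php?action=change_act&act='.(int) $l_line['ac_id']
              .'&login='.urlencode($l2_line['use_login'])
              .'&user_id='.(int) $l2_line['use_id'];
    if ( $admin ==0 ) {
      $right=CheckAction($g_dossier,$l2_line['use_login'],$l_line['ac_id']);
    } else {
      // administrator: always granted, cannot be changed
      $right = 2;
    }
    if ( $right == 0 ) {
      echo "<TD BGCOLOR=RED>Pas d'accès</TD>";
      echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="'
           .user_sec_html($l_change.'&access=1').'"> Accès </A></TD>';
    } elseif ( $right == 1) {
      echo '<TD class="mtitle"> <A CLASS="mtitle" HREF="'
           .user_sec_html($l_change.'&access=0').'"> Pas d\'accès </A></TD>';
      echo "<TD BGCOLOR=\"#3BCD27\">Accès </TD>";
    } elseif ( $right == 2) {
      echo '<TD class="mtitle">  Change </TD>';
      echo "<TD BGCOLOR=\"#3BCD27\">Accès </TD>";
    }
    echo '</TR>';
  }
}

include_once ("ac_common.php");
include_once("check_priv.php");
html_page_start($_SESSION['g_theme']);
if ( ! isset ( $_SESSION['g_dossier'] ) ) {
  echo "You must choose a Dossier ";
  exit(-2);
}
include_once ("postgres.php");
/* Admin. Dossier */
$rep=DbConnect();
include_once ("class_user.php");
$User=new cl_user($rep);
$User->Check();

include_once ("user_menu.php");

// the dossier id is used both by DbConnect() and inside SQL: keep it numeric
$g_dossier=(int) $_SESSION['g_dossier'];
$cn_dossier=DbConnect($g_dossier);

if ( $User->CheckAction($cn_dossier,SECU) == 0 ) {
  /* Cannot Access */
  NoAccess();
  exit(-1);
}
echo "<H2 class=\"info\">".user_sec_html($_SESSION['g_name'])." </H2>";

echo ShowMenuParam("user_sec.php");

// List of the users of the dossier, three per row
$cn=DbConnect();
$l_users=ExecSql($cn,"select  use_id,use_first_name,use_name,use_login from ac_users natural join jnt_use_dos where use_login != 'phpcompta' and dos_id=".$g_dossier);
$MaxUser=pg_NumRows($l_users);

echo '<DIV >';

echo '<TABLE CELLSPACING="20" ALIGN="CENTER">';
echo '<TR>';
for ($i = 0;$i < $MaxUser;$i++) {
  $l_line=pg_fetch_array($l_users,$i);
  if ( $i % 3 == 0 && $i != 0)
    echo "</TR><TR>";

  printf ('<TD><A href="user_sec.php?action=view&user_id=%d">%s %s ( %s )</A></TD>',
          (int) $l_line['use_id'],
          user_sec_html($l_line['use_first_name']),
          user_sec_html($l_line['use_name']),
          user_sec_html($l_line['use_login']) );
}
echo "</TR>";
echo '</TABLE>';

// Request parameters, read explicitly; every id is numeric
$action  = isset($_GET['action'])  ? $_GET['action']        : "";
$login   = isset($_GET['login'])   ? $_GET['login']         : "";
$user_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
$jrn     = isset($_GET['jrn'])     ? (int) $_GET['jrn']     : 0;
$act     = isset($_GET['act'])     ? (int) $_GET['act']     : 0;
$access  = isset($_GET['access'])  ? $_GET['access']        : "";

if ( $action == "change_jrn" ) {
  // Check if the user can access that folder
  if ( CheckDossier($login,$g_dossier) == 0 ) {
    echo "<H2 class=\"error\">he cannot access this folder</H2>";
    $action="";
  } elseif ( ! in_array($access, array('X','R','W'), true) ) {
    // only the three codes emitted by user_sec_jrn_cells() may reach uj_priv
    echo "<H2 class=\"error\">invalid access code</H2>";
    $action="";
  } else {
    $sql_login=user_sec_sql_string($cn_dossier,$login);
    echo_debug('user_sec.php',__LINE__,"select * from user_sec_jrn where uj_login='$sql_login' and uj_jrn_id=$jrn");
    $l2_Res=ExecSql($cn_dossier,
                    "select * from user_sec_jrn where uj_login='$sql_login' and uj_jrn_id=$jrn");
    $l2_count=pg_NumRows($l2_Res);
    if ( $l2_count == 1 ) {
      $Res=ExecSql($cn_dossier,"update  user_sec_jrn set uj_priv='$access' where uj_login='$sql_login' and uj_jrn_id=$jrn");
    } else {
      $Res=ExecSql($cn_dossier,"insert into  user_sec_jrn(uj_login,uj_jrn_id,uj_priv) values( '$sql_login' ,$jrn,'$access')");
    }
    $action="view";
  }
}
if ( $action == "change_act" ) {
  // Check if the user can access that folder
  if ( CheckDossier($login,$g_dossier) == 0 ) {
    echo "<H2 class=\"error\">he cannot access this folder</H2>";
    $action="";
  } else {
    $sql_login=user_sec_sql_string($cn_dossier,$login);
    // access=0 revokes (row deleted), anything else grants (row inserted)
    if ( (int) $access == 0 ) {
      echo_debug('user_sec.php',__LINE__,"delete right");
      $Res=ExecSql($cn_dossier,
                   "delete from user_sec_act where ua_login='$sql_login' and ua_act_id=$act");
    } else {
      echo_debug('user_sec.php',__LINE__,"insert right");
      $Res=ExecSql($cn_dossier,
                   "insert into  user_sec_act(ua_login,ua_act_id) values( '$sql_login' ,$act)");
    }
    $action="view";
  }
}
// Action == View detail for users
if ( $action == "view" ) {
  $cn=DbConnect();
  $l_res=ExecSql($cn,
                 "select  use_id,use_first_name,use_name,use_login
                from ac_users where use_id=".$user_id);
  if ( pg_NumRows($l_res) != 0 ) {
    $l2_line=pg_fetch_array($l_res,0);

    printf ('<H2 class="info"> Détail utilisateur %s %s (%s) </H2>',
            user_sec_html($l2_line['use_first_name']),
            user_sec_html($l2_line['use_name']),
            user_sec_html($l2_line['use_login']));
    // Check if the user can access that folder
    if ( CheckDossier($l2_line['use_login'],$g_dossier) == 0 ) {
      echo "<H2 class=\"error\">he cannot access this folder</H2>";
    } else {
      // Print button: id of the displayed user (not of the last user listed above)
      printf ('<TD><A href="sec_pdf.php?user_id=%d">Imprime</A></TD>',
              (int) $l2_line['use_id']);

      $admin=CheckIsAdmin($l2_line['use_login']);
      echo '<table align="CENTER" width="100%">';
      // Show access for journal
      user_sec_show_jrn($cn_dossier,$l2_line,$admin,$g_dossier);
      // Priv. for actions
      user_sec_show_act($cn_dossier,$l2_line,$admin,$g_dossier);
      echo '</TABLE>';
    }
  }
}
// the page footer is now reached on every path (the former early returns left
// the DIV and the page unclosed)
echo "</DIV>";
html_page_stop();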